Cisco Secure Firewall 6100 Series Data Sheet
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Cisco Secure Firewall 6100 Series is an AI-ready, ultra-high-performance firewall engineered to deliver exceptional throughput per rack unit. Optimized for high-demand data center and service provider environments, the 6100 Series features a multi-socket, multi-core architecture that accelerates threat inspection. Its dedicated cryptographic modules drive high-throughput IPsec and TLS connection termination at scale, providing industry-leading performance in a compact 2-Rack-Unit (2RU) form factor.
Table 1. Key capabilities of the Cisco Secure Firewall 6100 Series
| Secure Firewall 6100 Series with Firewall Threat Defense Software |
|
| Unmatched performance:
● Achieve up to 700 Gbps of throughput in a single 2RU form factor with Next-Generation Firewall (NGFW) capabilities enabled, and up to 615 Gbps with Intrusion Prevention System (IPS) active.
● Supports a comprehensive range of network modules, scaling from 1G up to high-performance 400G QSFP-DD interfaces.
|
Superior visibility:
● Gain insight into encrypted traffic at line rate with the Encrypted Visibility Engine (EVE). Selectively decrypt TLS 1.3 and Quick UDP Internet Connections (QUIC) traffic as necessary.
● Accurately identify and control more than 8200 applications, enabling precise policy enforcement across cloud, SaaS, and custom workloads.
|
| Carrier-grade firewalling:
● Delivers carrier-class performance with clustering support, Carrier-Grade Network Address Translation (CGNAT), and specialized carrier license packages tailored for Service Providers.
● Enables scalable Security Gateway (SEG) deployments for 3G, 4G, and 5G mobile networks, delivering up to 550 Gbps of IPsec tunnel termination performance.
● Inspect GPRS Tunneling Protocol (GTP), Session Initiation Protocol (SIP), Diameter, and other telecom protocols at scale.
|
Advanced threat defense:
● Defend against zero-day vulnerabilities using SnortML, an on-box machine learning engine that detects threats in real-time without requiring immediate signature updates.
● Perform on-premises dynamic analysis with Spero, ClamAV and cloud-based sandboxing to detect and stop evasive malware.
|
| Robust high availability:
● Ensures maximum uptime with N+1 clustering scalability, N+1 fan redundancy, and 1+1 power supply redundancy.
● With its fail-to-wire network modules, 6100 Series firewall enables continuous connectivity even in case of any data plane failure.
|
Simplified management:
● Scale effortlessly: Manage up to 1,500 firewalls now, scaling to 2,000, via Security Cloud Control Firewall, manager optimized for Hybrid Mesh Firewall and MSSP environments. Use prebuilt templates and streamlined migration tools for fast, consistent global deployment without extra overhead.
● Unified management, smarter security: A single intuitive console unifies logging and event viewing. Integrated AIOps converts telemetry into actionable insights and automated policy recommendations, enabling faster resolution, less alert fatigue, and proactive threat response.
|
3D view of 6100 Series firewall
Front panel of 6100 Series firewall
Front panel of 6100 Series firewall (with two network modules)
Back panel of 6100 Series firewall
Cisco Secure Firewall 6100 Series supports both Firewall Threat Defense (FTD) and Adaptive Security Appliance (ASA) software. The FTD software offers all the advanced next-generation security capabilities, whereas ASA software can deliver higher throughput for stateful inspection.
Table 2. Cisco Secure Firewall 6100 Series performance with the Cisco Secure Firewall Threat Defense (FTD) software
| Metric |
6160 |
6170 |
| Throughput: Firewall + Application Visibility and Control (AVC) (1024B) |
600 Gbps |
700 Gbps |
| Throughput: AVC + Intrusion Prevention System (IPS) (1024B) |
550 Gbps |
600 Gbps |
| NGFW Throughput: FW + AVC + IPS (1024B) |
550 Gbps |
600 Gbps |
| IPSec VPN Throughput (1024B TCP w/Fastpath) |
450 Gbps |
550 Gbps |
| TLS Decryption[1] |
100 Gbps |
150 Gbps |
| Application Visibility and Control (AVC) |
Standard, supporting more than 8100 applications, as well as geolocations, users, and websites |
|
Table 3. Cisco Secure Firewall 6100 Series performance with the Cisco Adaptive Security Appliance (ASA) software
| Metric |
6160 |
6170 |
| Stateful inspection firewall throughput (1500 B UDP)[2] |
650 Gbps |
750 Gbps |
| Stateful inspection firewall throughput (HTTP 1024 Byte) |
650 Gbps |
750 Gbps |
| IPsec VPN throughput (450B UDP L2L test) |
300 Gbps |
370 Gbps |
Note: Performance will vary depending on features activated, network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.
Table 4. Cisco Secure Firewall 6100 Series scalability with the Cisco Secure Firewall Threat Defense (FTD) software
| Metric |
6160 |
6170 |
| Maximum concurrent sessions, with AVC |
75 Million |
105 Million |
| Maximum new connections per second, with AVC |
1.5 Million |
2.7 Million |
| Maximum VPN peers |
60 K |
60 K |
| Maximum virtual router instances (VRF) |
250 |
|
| High availability |
Active/Standby, Active/Active (with clustering) |
|
| Instances (Multi-Instance) |
Available in future release |
|
| Clustering |
Up to 16 |
|
Table 5. Cisco Secure Firewall 6100 Series scalability with the Cisco Adaptive Security Appliance (ASA) software
| Metric |
6160 |
6170 |
| New connections per second |
4.5 Million |
5.5 Million |
| Concurrent firewall connections |
180 Million |
180 Million |
| Maximum VPN Peers |
60 K |
60 K |
| High availability |
Active/Active and Active/Standby |
|
| Security contexts |
Included 10, maximum 250 |
|
| Clustering |
Up to 16 |
|
Table 6. Cisco Secure Firewall 6100 Series hardware specifications
| Specification |
6160 |
6170 |
||
| Form factor |
2 RU for 19" Rack |
|||
| Fixed ports |
12 x 1/10/25/50 Gigabit Ethernet SFP56 Ports 4 x 40/100/200 Gigabit Ethernet QSFP56 Ports |
|||
| Management Ethernet |
2 x 1/10/25 Gigabit Ethernet SFP28 Ports |
|||
| Network Modules |
Standard Ethernet Modules
● 8 x 1/10 Gigabit Ethernet SFP+ Network Module
● 8 x 1/10/25 Gigabit Ethernet SFP28 Network Module
● 4 x 40 Gigabit Ethernet QSFP+ Network Module
● 4 x 40/100/200 Gigabit Ethernet QSFP56 Network Module
● 2 x 40/100 Gigabit Ethernet QSFP28 Network Module
● 2 x 200/400 Gigabit Ethernet QSFP-DD Network Module
Fail-to-Wire (FTW) Modules
● 8 x 1 Gigabit Ethernet Copper Fail-to-Wire (FTW) Network Module
● 6 x 1 Gigabit Ethernet SX Fiber Fail-to-Wire (FTW) Network Module
● 6 x 10 Gigabit Ethernet SR Fiber Fail-to-Wire (FTW) Network Module
● 6 x 10 Gigabit Ethernet LR Fiber Fail-to-Wire (FTW) Network Module
● 6 x 25 Gigabit Ethernet SR Fiber Fail-to-Wire (FTW) Network Module
● 6 x 25 Gigabit Ethernet LR Fiber Fail-to-Wire (FTW) Network Module
|
|||
| Maximum number of interfaces |
Interface Speed / Type |
Fixed Ports |
Expansion (2 Slots) |
Total Maximum Ports |
| 1 / 10 / 25 / 50 Gigabit (SFP56) |
12 Ports |
+ 16 (via 2x 8-port modules, SFP28) |
28 Ports |
|
| 40 / 100 / 200 Gigabit (QSFP56) |
4 Ports |
+ 8 (via 2x 4-port modules, QSFP56) |
12 Ports |
|
| 400 Gigabit (QSFP-DD) |
0 Ports |
+ 4 (via 2x 2-port modules, QSFP-DD) |
4 Ports |
|
| Management (SFP28) |
2 Ports |
N/A |
2 Ports |
|
| Note: 50G Support: Only the 12 Fixed SFP56 ports support native 50G speeds (Modules listed are SFP28 maxing at 25G). FTW (Fail-to-Wire): If using Fail-to-Wire modules (6-ports each), the total 1/10/25G count would be 24 ports (12 Fixed + 12 Module). The above port counts do not factor in the breakout capability supported by different interfaces. |
||||
| Console port |
1 x RJ-45 console |
|||
| USB port |
1 USB 3.0 |
|||
| Storage |
2 x 3.6 TB |
2 x 7.2 TB |
||
| Power over Ethernet |
N/A |
|||
| Transceiver support |
Refer to Cisco Secure Firewall (CSF) 6100 Hardware Installation Guide |
|||
| Mean Time Between Failure (MTBF) |
Chassis: 212,000 Hours |
Chassis: 206,000 Hours |
||
| Chassis dimensions (HxWxD) |
3.5” H x 16.9” W x 32.5” D (8.89 cm x 42.93 cm x 82.55 cm) |
|||
| Weight |
66lbs (29.94kg), fully loaded |
|||
| Cooling |
4 Field Replaceable Fan module; every module has 2 fans |
|||
| Rack mountable |
Yes, mount rails included (4-post EIA-310-D rack) |
|||
| Power Supply Details |
||||
| Configuration |
Dual high-voltage AC/DC power supplies.
● High Line AC: Up to 3000W per power supply, hot-swappable, load-sharing redundancy.
● Low Line AC: Up to 1500W per power supply, load sharing with no redundancy.
Dual low-voltage DC power supplies offered.
● Both Inputs Connected: Up to 3000W per power supply, hot-swappable, load-sharing redundancy.
● One Input Connected: Up to 1500W per power supply, load sharing with no redundancy.
|
|||
| AC input voltage |
100 to 120 VAC (HVAC low line); 200 to 277 VAC (HVAC high line) |
100 to 120 VAC (HVAC low line); 200 to 277 VAC (HVAC high line) |
||
| AC input frequency |
50—60 Hz |
50—60 Hz |
||
| HVDC input voltage |
240 to 380 VDC |
240 to 380 VDC |
||
| LVDC input voltage |
—48VDC to —60VDC |
—48VDC to —60VDC |
||
| AC current draw, maximum |
13 Amperes (high line AC) |
14 Amperes (high line AC) |
||
| System HVDC current draw, maximum |
11 Amperes |
12 Amperes |
||
| System LVDC current draw, maximum |
29 Amperes |
33 Amperes |
||
| Power consumption, typical |
1740 Watts |
2010 Watts |
||
| Power consumption, maximum |
2440 Watts |
2760 Watts |
||
| Redundancy |
1+1 Redundancy
● Redundant only with dual HVAC, HVDC, or dual-input LVDC.
● LVAC and single-input DC do not support redundancy.
|
|||
| Operating Range |
||||
| Temperature: operating |
32°F to 104°F (0°C to 40°C) |
|||
| Humidity: operating |
5% to 90% (non-condensing) |
|||
| Altitude: operating |
0 to 10,000 ft. De-rate the maximum operating temperature 1°C/1K-ft. above 6000 ft. |
|||
| Acoustic noise |
Sound Pressure: <=74 dBA (typical), <= 90 dBA (maximum) Sound Power: <=81 dB (typical), <=98 dB (maximum) |
|||
| Non-operating/storage environment |
||||
| Temperature: nonoperating |
–40°F to 158°F (–40°C to 70°C) |
|||
| Humidity: nonoperating |
5% to 95% (non-condensing) |
|||
| Altitude: nonoperating |
40,000 ft. |
|||
For details on product regulatory compliance in a specific market, consult the Cisco Product Approvals tool.
Table 7. Cisco Secure Firewall 6100 Series regulatory, safety, and Electromagnetic Compatibility (EMC) compliance
| Specification |
Description |
| Regulatory compliance |
Products comply with CE markings per directives 2014/30/EU and 2006/108/EC |
| Safety |
● UL 62368-1
● UL 60950-1
● CAN/CSA-C22.2 No. 62368-1
● CAN CSA C22.2 60950-1
● EN 62368-1
● IEC 62368-1
● AS/NZS 62368.1
● GB4943.1
|
| EMC: Emissions |
● FCC 47CFR15 Class A
● AS/NZS CISPR 32 Class A
● EN55032/CISPR 32 Class A
● ICES-003 Class A
● VCCI Class A
● KS C 9832 Class A
● CNS-15936 Class A
● EN61000-3-2 Power Line Harmonics
● EN61000-3-3 Voltage Changes, Fluctuations, and Flicker
|
| EMC: Immunity |
● IEC/EN61000-4-2 Electrostatic Discharge Immunity
● IEC/EN61000-4-3 Radiated Immunity
● IEC/EN61000-4-4 EFT-B Immunity
● IEC/EN61000-4-5 Surge
● IEC/EN61000-4-6 Immunity to Conducted Disturbances
● IEC/EN61000-4-11 Voltage Dips, Short Interruptions, and Voltage Variations
● KS C 9835
|
| EMC: ETSI/EN |
● EN 300 386 Telecommunications Network Equipment (EMC)
● EN55032/CISPR32 Multimedia Equipment (Emissions)
● EN55035/CISPR 35 Multimedia Equipment (Immunity)
● EN61000-6-1, EN61000-6-2 Generic Immunity Standards
|
The product IDs of the Cisco Secure Firewall 6100 Series hardware appliances are listed below. For information on licenses, subscriptions, and other options associated with the product, refer to the Cisco Network Security Ordering Guide.
Table 8. Cisco Secure Firewall 6100 Series Product IDs
| Product ID |
Description |
| CSF6160-A-TD-K9 |
Cisco Secure Firewall 6160 Appliance, Threat Defense |
| CSF6160-A-ASA-K9 |
Cisco Secure Firewall 6160 Appliance, ASA |
| CSF6170-A-TD-K9 |
Cisco Secure Firewall 6170 Appliance, Threat Defense |
| CSF6170-A-ASA-K9 |
Cisco Secure Firewall 6170 Appliance, ASA |
Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.
Table 9. Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report)
| Sustainability topic |
Reference |
| Information on product material content laws and regulations |
|
| Information on electronic waste laws and regulations, including products, batteries, and packaging |
Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.
[1] Throughput measured with 50% TLS 1.2 traffic with AES256-SHA with RSA 2048B keys.
[2] Throughput measured with 1500B User Datagram Protocol (UDP) traffic measured under ideal test conditions.